Building & Product

What can go wrong when an agent acts on my behalf, and how do I keep it safe?

The short answer

The core risk is Simon Willison's lethal trifecta: an agent that can read your private data, sees untrusted content (any email or web page), and can communicate externally can be tricked by a poisoned message into leaking or destroying things, with no bug in your code required. Prompt injection remains unsolved, so design around it: give agents the minimum access needed, never combine all three capabilities in one agent, require human approval for anything that sends, spends or deletes, and log everything.

A quick orientation. The real value is below: resources worth your time, from people who've actually done it.

16 resources worth your time

More in AI Agents

eChai Partner Brands